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AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the application: 

Listing of Claims: 
1.-3. (Cancelled). 

4. (Currently amended) A method of email access contro l, comprising the steps of: 

receiving a personalized access ticket containing a sender's iden tification and a 

recipient's identification in correspondence and the sender's ident ification from a sender who 
wishes to send an email to a recipient so as to specify the rec ipient as an intended destination 
of the email, at a secure communication service for connec ting communications between the 
sender and the receiver; 

controlling accesses between the sender and the recipient bv verif ying an access right 

of the sender with respect to the recipient according to the person alized access ticket at the 
secure communication service and: 

The method &f claim 1, wherein at the receiving step tho secure communicati o n 
s ervice alGO receives the sondor'o identification prooonted by tho sonder along with tho 
personalized acc o oo ticket, and at tho controlling stop the secure communication s e rvic e 
chocks checking whether the sender's identification presented by the sender is contained in 
the personalized access ticket presented by the sender, and sefeses refusings delivery of the 
email when the sender's identification presented by the sender is not contained in the 
personalized access ticket presented by the sender. 

5. (Currently amended) The method of claim 4- 4, wherein the personalized access ticket 
also contains a validity period indicating a period for which the personalized access ticket is 
valid, and at the controlling step the secure communication service checks the validity period 
contained in the personalized access ticket presented by the sender and refuses a delivery of 
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the email when the personalized access ticket presented by the sender contains the validity 
period that has already been expired. 

6. (Original) The method of claim 5, wherein the validity period of the personalized 
access ticket is set by a trusted third party - 

7. (Currently amended) The method of claim ± 4, further comprising the step of: 
issuing the personalized access ticket to the sender at a directory service for managing an 

identification of each registrant and a disclosed information of each registrant which has a 
lower secrecy than a personal information, in a state which is accessible for search by 
unspecified many, in response to search conditions specified by the sender, by using an 
identification of a registrant whose disclosed information matches the search conditions as 
the recipient's identification and the sender's identification specified by the sender along with 
the search conditions. 

8. (Currently amended) The method of claim 4 4, further comprising the step of: 
registering in advance the personalized access ticket containing an identification of a 

specific user from which a delivery of emails to a specific registrant is to be refused as the 
sender's identification and an identification of the specific registrant as the recipients 
identification, at the secure communication service; 

wherein the controlling step the secure communication service refuses a delivery of the 
email from the sender when the personalized access ticket presented by the sender is 
registered therein in advance at the registering step. 

9. (Original) The method of claim 8, further comprising the step of: 

deleting the personalized access ticket registered at the secure communication service 
upon request from the specific registrant who registered the personalized access ticket at the 
registering step. 


PAGE 6129 " RCVO AT 519/2005 3:42:37 PM [Eastern Daylight Time] ' SVR:USPT0-EFXRF-1M ' ONIS:8729306 * CSID:404 815 6555 * DURATION (mm-ss):08-58 


05/09/2005 15:44 FAX 4 04 815 6555 KS ©007 

Appln. No. Serial No. 09/277,417 
Amdt. Dated 5/9/05 

Fourth Response in Appln, Reply to Office Action of 2/8/2005 
Page 4 of 26 

10. (Currently amended) The method of claim -t 4, wherein the personalized access ticket 
also contains a transfer control flag indicating whether or not the sender should be 
authenticated by the secure communication service, and at the controlling step, when the 
transfer control flag contained in the personalized access ticket indicates that the sender 
should be authenticated, the secure communication service authenticates the sender's 
identification presented by the sender and refuses a delivery of the email when an 
authentication of the sender's identification fails. 

1 1 . (Original) The method of claim 10, wherein the authentication of the sender's 
identification is realized by a challenge/response procedure between the sender and the 
secure communication service. 

1 2. (Original) The method of claim 1 0, wherein the transfer control flag of the 
personalized access ticket is set by a trusted third party. 

1 3. (Currently amended) The method of claim 4- 4, wherein the sender's identification and 
the recipient's identification in the personalized access ticket are given by real email 
addresses of the sender and the recipient. 

14. (Currently amended) The method of claim 4- 4, wherein the sender's identification and 
the recipient's identification in the personalized access ticket are given by anonymous 
identifications of the sender and the recipient, where an anonymous identification of each 
user contains at least one fragment of an official identification of each user by which each 
user is uniquely identifiable by a certification authority. 

15. (Original) The method of claim 14, wherein the anonymous identification of each 
user is an information containing the at least one fragment of the official identification of 
each user which is signed by the certification authority using a secret key of the certification 
authority. 
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16. (Original) The method of claim 14, wherein the official identification of each user 
is a character string uniquely assigned to each user by the certification authority and a public 
key of each user which are signed by a secret key of the certification authority. 

17. (Original) The method of claim 1 4, further comprising the step of: 
probabilistically identifying an identity of the sender by reconstructing the official 

identification of the sender by judging identity of a plurality of anonymous identifications of 
the sender contained in a plurality of personalized access tickets used by the sender. 

18. (Currently amended) The method of claim 4- 4, wherein an anonymous identification 
of each user that contains at least one fragment of an official identification of each user by 
which each user is uniquely identifiable by a certification authority and a link information of 
each anonymous identification by which each anonymous identification can be uniquely 
identified are defined, and the sender's identification and the recipient's identification in the 
personalized access ticket are given by a link information of the anonymous identification of 
the sender and a link information of the anonymous identification of the recipient. 

1 9. (Currently amended) The method of claim 4- 4, wherein the link information of each 
anonymous identification is an identifier uniquely assigned to each anonymous identification 
by the certification authority. 

20. (Original) The method of claim 18, further comprising the step of: 
probabilistically identifying an identity of the sender by reconstructing the official 

identification of die sender by judging identity of a plurality of anonymous identifications of 
the sender corresponding to the link information contained in a plurality of personalized 
access tickets used by the sender. 
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21. (Currently amended) Themethodof claim 4- 4, wherein the personalized access ticket 
contains a single sender's identification and a single recipient's identification in 1-to-l 
correspondence. 

22. (Currently amended) The method of claim 4- 4, wherein the personalized access ticket 
contains a single sender's identification and a plurality of recipient's identifications in l-to-N 
correspondence, where N is an integer greater than 1. 

23. (Original) The method of claim 22, wherein one identification among the single 
sender's identification and the plurality of recipient's identifications is a holder identification 
for identifying a holder of the personalized access ticket while other identifications among 
the single sender's identification and the plurality of recipient's identifications are member 
identifications for identifying members of a group to which the holder belongs. 

24. (Original) The method of claim 23, further comprising the step of: 

issuing an identification of each user and an enabler of the identification of each user 
indicating a right to change the personalized access ticket containing the identification of 
each user as the holder identification, to each user at a certification authority, such that 
prescribed processing on the personalized access ticket can be carried out at a secure 
processing device only by a user who presented both the holder identification contained in 
the personalized access ticket and the enabler corresponding to the holder identification to 
the secure processing device. 

25. (Original) The method of claim 24, wherein the certification authority issues the 
enabler of the identification of each user as an information indicating that it is the enabler 
and the identification of each user itself which are signed by a secret key of the certification 
authority. 
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26. (Original) The method of claim 24, wherein the prescribed processing includes a 
generation of a new personalized access ticket, a merging of a plurality of personalized 
access tickets, a splitting of one personalized access ticket into a plurality of personalized 
access tickets, a changing of the holder of the personalized access ticket, changing of a 
validity period of the personalized access ticket, and a changing of a transfer control flag of 
the personalized access ticket 

27. (Original) The method of claim 26, wherein a special identification and a special 
enabler corresponding to the special identification which are known to all users are defined 
such that the generation of a new personalized access ticket and the changing of the holder of 
the personalized access ticket can be carried out by the holder of the personalized access 
ticket by using the special identification and the special enabler without using an enabler of a 
member identification. 

28. (Original) The method of claim 27, wherein the special identification is defined to 
be capable of being used only as the holder identification of the personalized access ticket. 

29. (Original) The method of claim 26, wherein a special identification which is 
known to all users is defined such that a read only attribute can be set to the personalized 
access ticket by using the special identification. 

30. (Currently amended) The method of claim ± 4, wherein at the controlling step, when 
the access right of the sender with respect to the recipient is verified according to the 
personalized access ticket, the secure communication service takes out the recipient's 
identification from the personalized access ticket by using the sender's identification 
presented by the sender, converts the mail by using a taken out recipient's identification into 
a format that can be interpreted by a mail transfer function for actually carrying out a mail 
delivery processing, and gives the mail after conversion to the mail transfer function by 
attaching the personalized access ticket. 
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31. (Cancelled). 

32. (Currently amended) A method of email access control, comprising the steps of: 

defining an official identification of each user by which each user is uniquely 

identifiable bv a certification authority, and an anonymous identification of each user 
containing at least one fragment of the official identification: and 

identifying each user bv the anonymous identification of each user in communications 

for emails on a communication network: 

¥ ho method of claim 3 1 , wherein the anonymous identification of each user is an information 
containing the at least one fragment of the official identification of each user which is signed 
by the certification authority using a secret key of the certification authority, 

33. (Currently amended) The method of claim 34 32, wherein the official identification of 
each user is a character string uniquely assigned to each user by the certification authority 
and a public key of each user which are signed by a secret key of the certification authority, 

34. (Currently amended) The method of claim £t 32, further comprising the steps of: 
receiving a personalized access ticket containing a sender's anonymous identification and 

a recipient's anonymous identification in correspondence, which is presented by a sender 
who wishes to send an email to a recipient so as to specify the recipient as an intended 
destination of the email, at a secure communication service for connecting communications 
between the sender and the receiver; and 

controlling accesses between the sender and the recipient by verifying an access right of 
the sender with respect to the recipient according to the personalized access ticket at the 
secure communication service. 

35. (Original) The method of claim 34, further comprising the step of: 
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probabilistically identifying an identity of the sender at the secure communication service 
by reconstructing the official identification of the sender while judging identity of a plurality 
of anonymous identifications of the sender contained in a plurality of personalized access 
tickets used by the sender. 

36. (Currently amended) The method of claim^22, wherein the defining step also 
defines a link information of each anonymous identification by which each anonymous 
identification can be uniquely identified, and each anonymous identification also contains the 
link information of each anonymous identification. 

37. (Original) The method of claim 36, wherein the link information of each 
anonymous identification is an identifier uniquely assigned to each anonymous identification 
by the certification authority. 

38. (Original) The method of claim 36, further comprising the steps of: 
receiving a personalized access ticket containing a link information of a sender's 

anonymous identification and a link information of a recipient's anonymous identification in 
correspondence, which is presented by a sender who wishes to send an email to a recipient so 
as to specify the recipient as an intended destination of the email, at a secure communication 
service for connecting communications between the sender and the receiver; and 

controlling accesses between the sender and the recipient by verifying an access right of 
the sender with respect to the recipient according to the personalized access ticket at the 
secure communication service. 

39. (Original) Thememodofclaim38 s furmerconiprismguiestepof: 
probabilistically identifying an identity of the sender by reconstructing the official 

identification of the sender while judging identity of a plurality of anonymous identifications 
of the sender corresponding to the link information contained in a plurality of personalized 
access tickets used by the sender. 
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40.-41. (Cancelled). 

42. (Currently amended) A communica t ion system realizing email access conlrqL 

comprising: 

a r nTnmunication network to which a plurality of user terminals are connected; 

a secure cornmunicatirwi service device for co n nectine communications between a 
sftnrler and a receiver on the communication n e tworlc. bv receiving a personalized access 
ticket containing a sender's identification an d a recipient's identification in correspondence, 
whirh is presented hv a sender whn wishes to s end an email to a recipient so as to specify foe , 
r^ pient as an intended destination of the ema i l authenticating and controlling acces ses. 
l^tween the sender and the recipient hv verify i ng an access right of the sender with respect to 
the recipient according to the personalized access ti cket: and 
S he s yatom of claim 11. further comprising - 

a secure processing device for issuing the personalized access ticket which is signed 
by a secret key of the secure processing device; 

wherein the secure communication service device authenticates the personalized 
access ticket by verifying a signature of the secure processing device in the personalized 
access ticket using a public key of the secure processing device. 

43. (Currently amended) The system of claim 4© 42, wherein the secure communication 
service device also receives the sender's identification presented by the sender along with the 
personalized access ticket, checks whether the sender's identification presented by the sender 
is contained in the personalized access ticket presented by the sender, and refuses a delivery 
of the email when the sender's identification presented by the sender is not contained in Hie 
personalized access ticket presented by the sender. 

44. (Currently amended) The system of claim 4© 42, wherein the personalized access 
ticket also contains a validity period indicating a period for which the personalized access 
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ticket is valid, and the secure communication service device checks the validity period 
contained in the personalized access ticket presented by the sender and refuses a delivery of 
the email when the personalized access ticket presented by the sender contains the validity 
period that has already been expired. 

45. (Original) The system of claim 44, further comprising: 

a trusted third party for setting the validity period of the personalized access ticket 

46. (Currently amended) The system of claim 40 42, further comprising: 

a directory service device for managing an identification of each registrant and and a 
disclosed information of each registrant which has a lower secrecy than a personal 
information, in a state which is accessible for search by unspecified many, and issuing the 
personalized access ticket to the sender in response to search conditions specified by the 
sender, by using an identification of a registrant whose disclosed information matches the 
search conditions as the recipient's identification and the sender's identification specified by 
the sender along with the search conditions. 

47. (Currently amended) The system of claim 40 42, wherein the secure communication 
service device registers in advance the personalized access ticket containing an identification 
of a specific user from which a delivery of emails to a specific registrant is to be refused as 
the sender's identification and an identification of the specific registrant as the recipient's 
identification, and refuses a delivery of the email from the sender when the personalized 
access ticket presented by the sender is registered therein in advance. 

48. (Original) The system of claim 47, wherein the secure communication service 
device deletes the personalized access ticket registered therein upon request from the specific 
registrant who registered the personalized access ticket 
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49. (Currently amended) The system of claim 4£ 42, wherein the personalized access 
ticket also contains a transfer control flag indicating whether or not the sender should be 
authenticated by the secure communication service, and when the transfer control flag 
contained in the personalized access ticket indicates that the sender should be authenticated, 
the secure communication service device authenticates the sender's identification presented 
by the sender and refuses a delivery of the email when an authentication of the sender's 
identification fails. 

50. (Original) The system of claim 49, wherein the authentication of the sender's 
identification is realized by a challenge/response procedure between the sender and the 
secure communication service device. 

51. (Original) The system of claim 49, further comprising a trusted third party for 
setting the transfer control flag of the personalized access ticket. 

52. (Currently amended) The system of claim 40 42, wherein the sender's identification 
and the recipient's identification in the personalized access ticket are given by real email 
addresses of the sender and the recipient. 

53. (Currently amended) The system of claim 40 42, further comprising: 

a certification authority device for issuing an anonymous identification of each user which 
contains at least one fragment of an official identification of each user by which each user is 
uniquely identifiable by the certification authority device; 

wherein the sender's identification and the recipient's identification in the personalized 
access ticket are given by anonymous identifications of the sender and the recipient. 

54. (Original) The system of claim 53, wherein the anonymous identification of each 
user is an information containing the at least one fragment of the official identification of 

ATLL1B02 IB3613.2 

PAGE 15/29 ' RCVD AT 5/9/2005 3:42:37 PM [Eastern Daylight Time] * SVR:USPT0-EFXRF-1/4 1 DNIS:8729306 * CSID:404 815 6555 4 DURATION (mm-ss);08-53 


05/09/2005 15:46 FAI 404 815 6555 


KS 


©016 


Appln. No. Serial No. 09/277,417 
Amdt. Dated 5/9/05 

Fourth Response in Appln, Reply to Office Action of 2/8/2005 
Page 13 of 26 

each user which is signed by the certification authority device using a secret key of the 
certification authority device. 

55. (Original) The system of claim 53, wherein the official identification of each user 
is a character string uniquely assigned to each user by the certification authority device and a 
public key of each user which are signed by a secret key of the certification authority device. 

56. (Original) The system of claim 53, wherein the secure communication service 
device probabilistically identifies an identity of the sender by reconstructing the official 
identification of the sender while judging identity of a plurality of anonymous identifications 
of me sender contained in a plurality of personalized access tickets used by the sender. 

57. (Currently amended) The system of claim 40 42, further comprising: 

a certification authority device for issuing an anonymous identification of each user which 
contains at least one fragment of an official identification of each user by which each user is 
uniquely identifiable by the certification authority device and a link information of each 
anonymous identification by which each anonymous identification can be uniquely 
identified; 

wherein the sender's identification and the recipient's identification in the personalized 
access ticket are given by a link information of the anonymous identification of the sender 
and a link information of the anonymous identification of the recipient. 

58. (Original) The system of claim 57, wherein the link information of each 
anonymous identification is an identifier uniquely assigned to each anonymous identification 
by the certification authority device. 

59. (Original) The system of claim 57, wherein the secure communication service 
device probabilistically identifies an identity of the sender by reconstructing the official 
identification of the sender while judging identity of a plurality of anonymous identifications 
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of the sender corresponding to the link information contained in a plurality of personalized 
access tickets used by the sender. 

60. (Currently amended) The system of claim 40 42 , wherein the personalized access 
ticket contains a single sender's identification and a single recipient's identification in 1-to-l 
correspondence. 

61. (Currently amended) The system of claim 40 42, wherein the personalized access 
ticket contains a single sender's identification and a plurality of recipient's identifications in 
1-to-N correspondence, where N is an integer greater than 1 . 

62. (Original) The system of claim 6 1 9 wherein one identification among the single 
sender's identification and the plurality of recipient's identifications is a holder identification 
for identifying a holder of the personalized access ticket while other identifications among 
the single sender's identification and the plurality of recipient's identifications are member 
identifications for identifying members of a group to which the holder belongs. 

63. (Original) The system of claim 62, further comprising: 

a certification authority device for issuing to each user an identification of each user and 
an enabler of the identification of each user indicating a right to change the personalized 
access ticket containing the identification of each user as the holder identification; and 

a secure processing device at which prescribed processing on the personalized access 
ticket can be carried out only by a user who presented both the holder identification 
contained in the personalized access ticket and the enabler corresponding to the holder 
identification to the secure processing device. 

64. (Original) The system of claim 63, wherein the certification authority device 
issues the enabler of the identification of each user as an information indicating that it is the 
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enabler and the identification of each user itself which are signed by a secret key of the 
certification authority device. 

65. (Original) The system of claim 63, wherein the prescribed processing includes a 
generation of a new personalized access ticket, a merging of a plurality of personalized 
access tickets, a splitting of one personalized access ticket into a plurality of personalized 
access tickets, a changing of the holder of the personalized access ticket, changing of a 
validity period of the personalized access ticket, and a changing of a transfer control flag of 
the personalized access ticket. 

66. (Original) The system of claim 65, wherein a special identification and a special 
enabler corresponding to the special identification which are known to all users are defined 
such that the generation of a new personalized access ticket and the changing of the holder of 
the personalized access ticket can be carried out by the holder of the personalized access 
ticket by using the special identification and the special enabler without using an enabler of a 
member identification. 

67. (Original) The system of claim 66, wherein the special identification is defined to 
be capable of being used only as the holder identification of the personalized access ticket. 

68. (Original) The system of claim 65, wherein a special identification which is 
known to all users is defined such that a read only attribute can be set to the personalized 
access ticket by using the special identification, 

69. (Currently amended) The system of claim 49 42, wherein when the access right of the 
sender with respect to the recipient is verified according to the personalized access ticket, the 
secure communication service device takes out the recipient's identification from the 
personalized access ticket by using the sender's identification presented by the sender, 
converts the mail by using a taken out recipient's identification into a format that can be 
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interpreted by a mail transfer function for actually carrying out a mail delivery processing, 
and gives the mail after conversion to the mail transfer function by attaching the personalized 
access ticket. 

70. (Cancelled). 

71. (Currently amended) A communication system realizing email access control, 
compristngi 

a certification authority device for d efining an official identification of each user by 
which each user is uniouelv identifiable bv the certification authority device, and an 
anon ymous identification of each user whic h contains at least one fragment of the official 
identification 

Thocyrtom of claim 7ft; wherein the anonymous identification of each user is an information 
containing contamsthe at least one fragment of the official identification of each user which 
is signed by the certification authority device using a secret key of the certification authority 
device s and 

an access control device for controlling email acc esses to a cornmumcation_network 
nn which each user is identified bv the an o nymous identification of each user in 
communications for emails on the communication network, 

72. (Currently amended) The system of claim?© 21, wherein the official identification of 
each user is a character string uniquely assigned to each user by the certification authority 
device and a public key of each user which are signed by a secret key of the certification 
authority device. 

73 . (Currently amended) The system of claim 7© 7L further comprising: 

a secure communication service device for connecting communications between the 
sender and the receiver on the communication network, by receiving a personalized access 
ticket containing a sender's anonymous identification and a recipient's anonymous 
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identification in correspondence, which is presented by a sender who wishes to send an email 
to a recipient so as to specify the recipient as an intended destination of the email, and 
controlling accesses between 1he sender and the recipient by verifying an access right of the 
sender with respect to the recipient according to the personalized access ticket 

74. (Original) The system of claim 73, wherein the secure communication service 
device probabilistically identifies an identity of the sender by reconstructing the official 
identification of the sender while judging identity of a plurality of anonymous identifications 
of the sender contained in a plurality of personalized access tickets used by the sender. 

75. (Currently amended) The system of claim 7© JL wherein the certification authority 
device also defines a link information of each anonymous identification by which each 
anonymous identification can be uniquely identified, and each anonymous identification also 
contains the link information of each anonymous identification. 

76. (Original) The system of claim 75, wherein the link information of each 
anonymous identification is an identifier uniquely assigned to each anonymous identification 
by the certification authority device. 

77. (Original) The system of claim 75, further comprising: 

a secure communication service device for connecting communications between the 
sender and the receiver on the communication network, by receiving a personalized access 
ticket containing a link information of a sender's anonymous identification and a link 
information of a recipient's anonymous identification in correspondence, which is presented 
by a sender who wishes to send an email to a recipient so as to specify the recipient as an 
intended destination of the email, and controlling accesses between the sender and the 
recipient by verifying an access right of the sender with respect to the recipient according to 
the personalized access ticket 
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78. (Original) The system of claim 77, wherein the secure communication service 
device probabilistically identifies an identity of the sender by reconslructing the official 
identification of the sender while judging identity of a plurality of link informations of 
anonymous identifications of the sender contained in a plurality of personalized access 
tickets used by the sender. 

79. -81. (Cancelled). 

82. (Currently amended) A secure comm unication service device for use a, 
ftnmmunication system realizing emai l access control, comprising: 

computer hardware: and 

computer software for caitf inp the computer hardware to connect communications 
bfttween a sender and a receiver hv receiving * personalized access ticket containing a 
Cft n/Ws iHanrification and a recipie n t's identification in correspondence, which is presented 
K Y a gander who wishes to send an email to a r e cipient so as to specify the recipient as an 
intended destination of the email. rnntrolling accesses between the sender and the 
ruri picirt bv verifying an access rig ht nf the sender with respect to the recipient according to 
the personalized access ticket: 

The secure communication service devioo of claim ^ wherein the computer software causes 
the computer hardware to also receive the sender's identification presented by the sender 
along with the personalized access ticket, check whether the sendees identification presented 
by the sender is contained in the personalized access ticket presented by the sender, and 
refuse a delivery of the email when the sender's identification presented by Hie sender is not 
contained in the personalized access ticket presented by the sender. 

83. (Currently amended) The secure communication service device of claim W 82, 
wherein the personalized access ticket also contains a validity period indicating a period for 
which the personalized access ticket is valid, and the computer software causes the computer 
hardware to check the validity period contained in the personalized access ticket presented 
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by the sender and refuse a delivery of the email when the personalized access ticket 
presented by the sender contains the validity period that has already been expired. 

84. (Currently amended) The secure communication service device of claim 79 82, 
wherein the computer software causes the computer hardware to register in advance the 
personalized access ticket containing an identification of a specific user from which a 
delivery of emails to a specific registrant is to be refused as the sender's identification and an 
identification of the specific registrant as the recipient's identification, at the secure 
communication service device, and refuse a delivery of the email from the sender when the 
personalized access ticket presented by the sender is registered at the secure communication 
service device in advance. 

85. (Original) The secure communication service device of claim 84, wherein the 
computer software causes the computer hardware to delete the personalized access ticket 
registered at the secure communication service device upon request from the specific 
registrant who registered the personalized access ticket. 

86. (Currently amended) The secure communication service device of claim 79 82, 
wherein the personalized access ticket also contains a transfer control flag indicating whether 
or not the sender should be authenticated by the secure communication service device, and 
when the transfer control flag contained in the personalized access ticket indicates mat the 
sender should be authenticated, the computer software causes me computer hardware to 
authenticate the sender's identification presented by the sender and refuse a delivery of the 
email when an authentication of the sender's identification fails. 

87. (Original) The secure communication service device of claim 86, wherein the 
computer software causes the computer hardware to realize the authentication of the sender's 
identification by a challenge/response procedure between the sender and the secure 
communication service device. 
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88. (Currently amended) The secure communication service device of claim 3° 82, 
wherein the sender's identification and the recipient's identification in the personalized access 
ticket are given by anonymous identifications of the sender and the recipient, where an 
anonymous identification of each user contains at least one fragment of an official 
identification of each user by which each user is uniquely identifiable by a certification 
authority, and the computer software also causes the computer hardware to probabilistically 
identify an identity of the sender by reconstructing the official identification of the sender by 
judging identity of a plurality of anonymous identifications of the sender contained in a 
plurality of personalized access tickets used by the sender. 

89. (Currently amended) The secure communication service device of claim W 82, 
wherein an anonymous identification of each user that contains at least one fragment of an 
official identification of each user by which each user is uniquely identifiable by a 
certification authority and a link information of each anonymous identification by which 
each anonymous identification can be uniquely identified are defined, the sender's 
identification and the recipient's identification in the personalized access ticket are given by a 
link information of the anonymous identification of the sender and a link information of the 
anonymous identification of the recipient, and the computer software also causes the 
computer hardware to probabilistically identify an identity of the sender by reconstructing 
the official identification of the sender by judging identity of a plurality of anonymous 
identifications of the sender corresponding to the link information contained in a plurality of 
personalized access tickets used by the sender. 

90. (Currently amended) The secure communication service device of claim 39 82, 
wherein when the access right of the sender with respect to the recipient is verified according 
to the personalized access ticket, the computer software causes the computer hardware to 
take out the recipient's identification from the personalized access ticket by using the sender's 
identification presented by the sender, convert the mail by using a taken out recipient's 
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identification into a format that can be interpreted by a mail transfer function for actually 
carrying out a mail delivery processing, and give the mail after conversion to the mail 
transfer function by attaching the personalized access ticket. 


91.-96. (Cancelled). 

97. (Currently amended) A r-nm puter usa b le medium haw computer readable program 
code means embodied therein fo r curing a computer to function as a .secure communication 
service device for use in a c ommunicatio n system realizing email access control, the 
com puter re adable prog ram code means includes: 

first computer readable program code means for causing said computer to receivea 
personalized access ticket container a sender's id entification and a recipient's identification 
in enrresponden™. which is pres e nted hv a sender who wishes to send an email to a recipient 
so as to spec if y the recipient as an inten ded destination of the email; and 

second mm piiter readable program code means for causing said computer to control 
accesses between the sender and the recipien t bv verifying an access right of the sender with 
res pect to the reci pient accor din g to the pers onalized access ticket, so as to connect 
rommunicatioT.^ hfttween the sender and the r ece i ver on the commimication network; 
The computer uiiublo medium nf rlnim "6, wherein the second computer readable program 
code means causes said computer to authenticate the personalized access ticket presented by 
the sender, and refuse a delivery of the email when the personalized access ticket presented 
by the sender has been altered. 

98. (Original) The computer usable medium of claim 97, wherein the personalized 
access ticket is signed by a secret key of a secure processing device which issued the 
personalized access ticket, and the second computer readable program code means causes 
said computer to authenticate the personalized access ticket by verifying a signature of the 
secure processing device in the personalized access ticket using a public key of the secure 
processing device. 
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99. (Currently amended) The computer usable medium of claim 96 97, wherein the first 
computer readable program code means causes said computer to also receive the sender's 
identification presented by the sender along with the personalized access ticket, and the 
second computer readable program code means causes said computer to check whether the 
sender's identification presented by the sender is contained in the personalized access ticket 
presented by the sender and refuse a delivery of the email when the sender's identification 
presented by the sender is not contained in the personalized access ticket presented by the 
sender. 

1 00. (Currently amended) The computer usable medium of claim 94 97, wherein the 
personalized access ticket also contains a validity period indicating a period for which the 
personalized access ticket is valid, and the second computer readable program code means 
causes said computer to check the validity period contained in the personalized access ticket 
presented by the sender and refuse a delivery of the email when the personalized access 
ticket presented by the sender contains the validity period that has already been expired. 

101. (Currently amended) The computer usable medium of claim 94 97, wherein the 
second computer readable program code means causes said computer to register in advance 
the personalized access ticket containing an identification of a specific user from which a 
delivery of emails to a specific registrant is to be refused as the sender's identification and an 
identification of the specific registrant as the recipient's identification, at the secure 
communication service device, and refuse a delivery of the email from the sender when the 
personalized access ticket presented by the sender is registered at the secure communication 
service device in advance. 

1 02. (Original) The computer usable medium of claim 101, wherein the second 
computer readable program code means causes said computer to delete the personalized 
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access ticket registered at the secure communication service device upon request from the 
specific registrant who registered the personalized access ticket. 

103. (Currently amended) The computer usable medium of claim 96 97, wherein the 
personalized access ticket also contains a transfer control flag indicating whether or not the 
sender should be authenticated by the secure communication service device, and when the 
transfer control flag contained in the personalized access ticket indicates that the sender 
should be authenticated, the second computer readable program code means causes said 
computer to authenticate the sender's identification presented by the sender and refuse a 
delivery of the email when an authentication of the sender's identification fails. 

104. (Original) The computer usable medium of claim 1 03, wherein the second 
computer readable program code means causes said computer to realize the authentication of 
the sender's identification by a challenge/response procedure between the sender and the 
secure communication service device. 

105. (Currently amended) The computer usable medium of claim 94 97, wherein the 
sender's identification and the recipient's identification in the personalized access ticket are 
given by anonymous identifications of the sender and the recipient, where an anonymous 
identification of each user contains at least one fragment of an official identification of each 
user by which each user is uniquely identifiable by a certification authority, and the second 
computer readable program code means also causes said computer to probabilistically 
identify an identity of the sender by reconstructing the official identification of the sender by 
judging identity of a plurality of anonymous identifications of the sender contained in a 
plurality of personalized access tickets used by the sender. 

106. (Currently amended) The computer usable medium of claim 96 97, wherein an 
anonymous identification of each user that contains at least one fragment of an official 
identification of each user by which each user is uniquely identifiable by a certification 
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authority and a link information of each anonymous identification by which each anonymous 
identification can be uniquely identified are defined, the sender's identification and the 
recipient's identification in Hie personalized access ticket are given by a link information of 
the anonymous identification of the sender and a link information of the anonymous 
identification of the recipient, and the second computer readable program code means also 
causes said computer to probabilistically identify an identity of the sender by reconstructing 
the official identification of the sender by judging identity of a plurality of anonymous 
identifications of the sender corresponding to the link information contained in a plurality of 
personalized access tickets used by the sender. 

107. (Currently amended) The computer usable medium of claim % 97, wherein when the 
access right of the sender with respect to the recipient is verified according to the 
personalized access ticket, the second computer readable program code means causes said 
computer to take out the recipient's identification from the personalized access ticket by 
using the sender's identification presented by the sender, convert the mail by using a taken 
out recipient's identification into a format that can be interpreted by a mail transfer function 
for actually carrying out a mail delivery processing, and give the mail after conversion to the 
mail transfer function by attaching the personalized access ticket. 

108. -112. (Cancelled). 
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